Commit | Line | Data |
---|---|---|
2e19e101 SG |
1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* | |
3 | * Copyright (C) 2004 IBM Corporation | |
4 | * Copyright (C) 2014 Intel Corporation | |
5 | */ | |
6 | ||
f2219745 JB |
7 | #include <linux/asn1_encoder.h> |
8 | #include <linux/oid_registry.h> | |
2e19e101 SG |
9 | #include <linux/string.h> |
10 | #include <linux/err.h> | |
11 | #include <linux/tpm.h> | |
12 | #include <linux/tpm_command.h> | |
13 | ||
14 | #include <keys/trusted-type.h> | |
15 | #include <keys/trusted_tpm.h> | |
16 | ||
f2219745 JB |
17 | #include <asm/unaligned.h> |
18 | ||
19 | #include "tpm2key.asn1.h" | |
20 | ||
2e19e101 SG |
21 | static struct tpm2_hash tpm2_hash_map[] = { |
22 | {HASH_ALGO_SHA1, TPM_ALG_SHA1}, | |
23 | {HASH_ALGO_SHA256, TPM_ALG_SHA256}, | |
24 | {HASH_ALGO_SHA384, TPM_ALG_SHA384}, | |
25 | {HASH_ALGO_SHA512, TPM_ALG_SHA512}, | |
26 | {HASH_ALGO_SM3_256, TPM_ALG_SM3_256}, | |
27 | }; | |
28 | ||
f2219745 JB |
29 | static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 }; |
30 | ||
31 | static int tpm2_key_encode(struct trusted_key_payload *payload, | |
32 | struct trusted_key_options *options, | |
33 | u8 *src, u32 len) | |
34 | { | |
35 | const int SCRATCH_SIZE = PAGE_SIZE; | |
36 | u8 *scratch = kmalloc(SCRATCH_SIZE, GFP_KERNEL); | |
37 | u8 *work = scratch, *work1; | |
38 | u8 *end_work = scratch + SCRATCH_SIZE; | |
39 | u8 *priv, *pub; | |
40 | u16 priv_len, pub_len; | |
ffcaa217 | 41 | int ret; |
f2219745 JB |
42 | |
43 | priv_len = get_unaligned_be16(src) + 2; | |
44 | priv = src; | |
45 | ||
46 | src += priv_len; | |
47 | ||
48 | pub_len = get_unaligned_be16(src) + 2; | |
49 | pub = src; | |
50 | ||
51 | if (!scratch) | |
52 | return -ENOMEM; | |
53 | ||
54 | work = asn1_encode_oid(work, end_work, tpm2key_oid, | |
55 | asn1_oid_len(tpm2key_oid)); | |
56 | ||
57 | if (options->blobauth_len == 0) { | |
58 | unsigned char bool[3], *w = bool; | |
59 | /* tag 0 is emptyAuth */ | |
60 | w = asn1_encode_boolean(w, w + sizeof(bool), true); | |
ffcaa217 JS |
61 | if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) { |
62 | ret = PTR_ERR(w); | |
63 | goto err; | |
64 | } | |
f2219745 JB |
65 | work = asn1_encode_tag(work, end_work, 0, bool, w - bool); |
66 | } | |
67 | ||
68 | /* | |
69 | * Assume both octet strings will encode to a 2 byte definite length | |
70 | * | |
71 | * Note: For a well behaved TPM, this warning should never | |
72 | * trigger, so if it does there's something nefarious going on | |
73 | */ | |
74 | if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE, | |
ffcaa217 JS |
75 | "BUG: scratch buffer is too small")) { |
76 | ret = -EINVAL; | |
77 | goto err; | |
78 | } | |
f2219745 JB |
79 | |
80 | work = asn1_encode_integer(work, end_work, options->keyhandle); | |
81 | work = asn1_encode_octet_string(work, end_work, pub, pub_len); | |
82 | work = asn1_encode_octet_string(work, end_work, priv, priv_len); | |
83 | ||
84 | work1 = payload->blob; | |
85 | work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), | |
86 | scratch, work - scratch); | |
050bf3c7 | 87 | if (IS_ERR(work1)) { |
ffcaa217 | 88 | ret = PTR_ERR(work1); |
050bf3c7 | 89 | pr_err("BUG: ASN.1 encoder failed with %d\n", ret); |
ffcaa217 JS |
90 | goto err; |
91 | } | |
f2219745 | 92 | |
ffcaa217 | 93 | kfree(scratch); |
f2219745 | 94 | return work1 - payload->blob; |
ffcaa217 JS |
95 | |
96 | err: | |
97 | kfree(scratch); | |
98 | return ret; | |
f2219745 JB |
99 | } |
100 | ||
101 | struct tpm2_key_context { | |
102 | u32 parent; | |
103 | const u8 *pub; | |
104 | u32 pub_len; | |
105 | const u8 *priv; | |
106 | u32 priv_len; | |
107 | }; | |
108 | ||
109 | static int tpm2_key_decode(struct trusted_key_payload *payload, | |
110 | struct trusted_key_options *options, | |
111 | u8 **buf) | |
112 | { | |
113 | int ret; | |
114 | struct tpm2_key_context ctx; | |
115 | u8 *blob; | |
116 | ||
117 | memset(&ctx, 0, sizeof(ctx)); | |
118 | ||
119 | ret = asn1_ber_decoder(&tpm2key_decoder, &ctx, payload->blob, | |
120 | payload->blob_len); | |
121 | if (ret < 0) | |
122 | return ret; | |
123 | ||
124 | if (ctx.priv_len + ctx.pub_len > MAX_BLOB_SIZE) | |
125 | return -EINVAL; | |
126 | ||
127 | blob = kmalloc(ctx.priv_len + ctx.pub_len + 4, GFP_KERNEL); | |
128 | if (!blob) | |
129 | return -ENOMEM; | |
130 | ||
131 | *buf = blob; | |
132 | options->keyhandle = ctx.parent; | |
133 | ||
134 | memcpy(blob, ctx.priv, ctx.priv_len); | |
135 | blob += ctx.priv_len; | |
136 | ||
137 | memcpy(blob, ctx.pub, ctx.pub_len); | |
138 | ||
139 | return 0; | |
140 | } | |
141 | ||
142 | int tpm2_key_parent(void *context, size_t hdrlen, | |
143 | unsigned char tag, | |
144 | const void *value, size_t vlen) | |
145 | { | |
146 | struct tpm2_key_context *ctx = context; | |
147 | const u8 *v = value; | |
148 | int i; | |
149 | ||
150 | ctx->parent = 0; | |
151 | for (i = 0; i < vlen; i++) { | |
152 | ctx->parent <<= 8; | |
153 | ctx->parent |= v[i]; | |
154 | } | |
155 | ||
156 | return 0; | |
157 | } | |
158 | ||
159 | int tpm2_key_type(void *context, size_t hdrlen, | |
160 | unsigned char tag, | |
161 | const void *value, size_t vlen) | |
162 | { | |
163 | enum OID oid = look_up_OID(value, vlen); | |
164 | ||
165 | if (oid != OID_TPMSealedData) { | |
166 | char buffer[50]; | |
167 | ||
168 | sprint_oid(value, vlen, buffer, sizeof(buffer)); | |
169 | pr_debug("OID is \"%s\" which is not TPMSealedData\n", | |
170 | buffer); | |
171 | return -EINVAL; | |
172 | } | |
173 | ||
174 | return 0; | |
175 | } | |
176 | ||
177 | int tpm2_key_pub(void *context, size_t hdrlen, | |
178 | unsigned char tag, | |
179 | const void *value, size_t vlen) | |
180 | { | |
181 | struct tpm2_key_context *ctx = context; | |
182 | ||
183 | ctx->pub = value; | |
184 | ctx->pub_len = vlen; | |
185 | ||
186 | return 0; | |
187 | } | |
188 | ||
189 | int tpm2_key_priv(void *context, size_t hdrlen, | |
190 | unsigned char tag, | |
191 | const void *value, size_t vlen) | |
192 | { | |
193 | struct tpm2_key_context *ctx = context; | |
194 | ||
195 | ctx->priv = value; | |
196 | ctx->priv_len = vlen; | |
197 | ||
198 | return 0; | |
199 | } | |
200 | ||
2e19e101 | 201 | /** |
2a415274 | 202 | * tpm2_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer. |
2e19e101 SG |
203 | * |
204 | * @buf: an allocated tpm_buf instance | |
205 | * @session_handle: session handle | |
206 | * @nonce: the session nonce, may be NULL if not used | |
207 | * @nonce_len: the session nonce length, may be 0 if not used | |
208 | * @attributes: the session attributes | |
209 | * @hmac: the session HMAC or password, may be NULL if not used | |
210 | * @hmac_len: the session HMAC or password length, maybe 0 if not used | |
211 | */ | |
212 | static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle, | |
213 | const u8 *nonce, u16 nonce_len, | |
214 | u8 attributes, | |
215 | const u8 *hmac, u16 hmac_len) | |
216 | { | |
217 | tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len); | |
218 | tpm_buf_append_u32(buf, session_handle); | |
219 | tpm_buf_append_u16(buf, nonce_len); | |
220 | ||
221 | if (nonce && nonce_len) | |
222 | tpm_buf_append(buf, nonce, nonce_len); | |
223 | ||
224 | tpm_buf_append_u8(buf, attributes); | |
225 | tpm_buf_append_u16(buf, hmac_len); | |
226 | ||
227 | if (hmac && hmac_len) | |
228 | tpm_buf_append(buf, hmac, hmac_len); | |
229 | } | |
230 | ||
231 | /** | |
232 | * tpm2_seal_trusted() - seal the payload of a trusted key | |
233 | * | |
234 | * @chip: TPM chip to use | |
235 | * @payload: the key data in clear and encrypted form | |
236 | * @options: authentication values and other options | |
237 | * | |
238 | * Return: < 0 on error and 0 on success. | |
239 | */ | |
240 | int tpm2_seal_trusted(struct tpm_chip *chip, | |
241 | struct trusted_key_payload *payload, | |
242 | struct trusted_key_options *options) | |
243 | { | |
40813f18 JS |
244 | off_t offset = TPM_HEADER_SIZE; |
245 | struct tpm_buf buf, sized; | |
f2219745 | 246 | int blob_len = 0; |
2e19e101 | 247 | u32 hash; |
e5fb5d2c | 248 | u32 flags; |
2e19e101 SG |
249 | int i; |
250 | int rc; | |
251 | ||
252 | for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) { | |
253 | if (options->hash == tpm2_hash_map[i].crypto_id) { | |
254 | hash = tpm2_hash_map[i].tpm_id; | |
255 | break; | |
256 | } | |
257 | } | |
258 | ||
259 | if (i == ARRAY_SIZE(tpm2_hash_map)) | |
260 | return -EINVAL; | |
261 | ||
f2219745 JB |
262 | if (!options->keyhandle) |
263 | return -EINVAL; | |
264 | ||
9d5171ea | 265 | rc = tpm_try_get_ops(chip); |
2e19e101 SG |
266 | if (rc) |
267 | return rc; | |
268 | ||
52ce7d97 JB |
269 | rc = tpm2_start_auth_session(chip); |
270 | if (rc) | |
271 | goto out_put; | |
272 | ||
8c657a05 JS |
273 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE); |
274 | if (rc) { | |
52ce7d97 JB |
275 | tpm2_end_auth_session(chip); |
276 | goto out_put; | |
8c657a05 JS |
277 | } |
278 | ||
40813f18 JS |
279 | rc = tpm_buf_init_sized(&sized); |
280 | if (rc) { | |
281 | tpm_buf_destroy(&buf); | |
52ce7d97 JB |
282 | tpm2_end_auth_session(chip); |
283 | goto out_put; | |
40813f18 JS |
284 | } |
285 | ||
52ce7d97 JB |
286 | tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); |
287 | tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_DECRYPT, | |
288 | options->keyauth, TPM_DIGEST_SIZE); | |
2e19e101 SG |
289 | |
290 | /* sensitive */ | |
40813f18 | 291 | tpm_buf_append_u16(&sized, options->blobauth_len); |
de66514d | 292 | |
de66514d | 293 | if (options->blobauth_len) |
40813f18 | 294 | tpm_buf_append(&sized, options->blobauth, options->blobauth_len); |
2e19e101 | 295 | |
40813f18 JS |
296 | tpm_buf_append_u16(&sized, payload->key_len); |
297 | tpm_buf_append(&sized, payload->key, payload->key_len); | |
298 | tpm_buf_append(&buf, sized.data, sized.length); | |
2e19e101 SG |
299 | |
300 | /* public */ | |
40813f18 JS |
301 | tpm_buf_reset_sized(&sized); |
302 | tpm_buf_append_u16(&sized, TPM_ALG_KEYEDHASH); | |
303 | tpm_buf_append_u16(&sized, hash); | |
2e19e101 | 304 | |
e5fb5d2c JB |
305 | /* key properties */ |
306 | flags = 0; | |
307 | flags |= options->policydigest_len ? 0 : TPM2_OA_USER_WITH_AUTH; | |
40813f18 JS |
308 | flags |= payload->migratable ? 0 : (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT); |
309 | tpm_buf_append_u32(&sized, flags); | |
e5fb5d2c | 310 | |
2e19e101 | 311 | /* policy */ |
40813f18 | 312 | tpm_buf_append_u16(&sized, options->policydigest_len); |
e5fb5d2c | 313 | if (options->policydigest_len) |
40813f18 | 314 | tpm_buf_append(&sized, options->policydigest, options->policydigest_len); |
2e19e101 SG |
315 | |
316 | /* public parameters */ | |
40813f18 JS |
317 | tpm_buf_append_u16(&sized, TPM_ALG_NULL); |
318 | tpm_buf_append_u16(&sized, 0); | |
319 | ||
320 | tpm_buf_append(&buf, sized.data, sized.length); | |
2e19e101 SG |
321 | |
322 | /* outside info */ | |
323 | tpm_buf_append_u16(&buf, 0); | |
324 | ||
325 | /* creation PCR */ | |
326 | tpm_buf_append_u32(&buf, 0); | |
327 | ||
328 | if (buf.flags & TPM_BUF_OVERFLOW) { | |
329 | rc = -E2BIG; | |
52ce7d97 | 330 | tpm2_end_auth_session(chip); |
2e19e101 SG |
331 | goto out; |
332 | } | |
333 | ||
52ce7d97 | 334 | tpm_buf_fill_hmac_session(chip, &buf); |
8c657a05 | 335 | rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data"); |
52ce7d97 | 336 | rc = tpm_buf_check_hmac_response(chip, &buf, rc); |
2e19e101 SG |
337 | if (rc) |
338 | goto out; | |
339 | ||
40813f18 JS |
340 | blob_len = tpm_buf_read_u32(&buf, &offset); |
341 | if (blob_len > MAX_BLOB_SIZE || buf.flags & TPM_BUF_BOUNDARY_ERROR) { | |
2e19e101 SG |
342 | rc = -E2BIG; |
343 | goto out; | |
344 | } | |
40813f18 | 345 | if (buf.length - offset < blob_len) { |
2e19e101 SG |
346 | rc = -EFAULT; |
347 | goto out; | |
348 | } | |
349 | ||
40813f18 | 350 | blob_len = tpm2_key_encode(payload, options, &buf.data[offset], blob_len); |
2e19e101 SG |
351 | |
352 | out: | |
40813f18 | 353 | tpm_buf_destroy(&sized); |
2e19e101 SG |
354 | tpm_buf_destroy(&buf); |
355 | ||
356 | if (rc > 0) { | |
357 | if (tpm2_rc_value(rc) == TPM2_RC_HASH) | |
358 | rc = -EINVAL; | |
359 | else | |
360 | rc = -EPERM; | |
361 | } | |
f2219745 | 362 | if (blob_len < 0) |
b3ad7855 BB |
363 | rc = blob_len; |
364 | else | |
365 | payload->blob_len = blob_len; | |
2e19e101 | 366 | |
52ce7d97 | 367 | out_put: |
8c657a05 | 368 | tpm_put_ops(chip); |
2e19e101 SG |
369 | return rc; |
370 | } | |
371 | ||
372 | /** | |
373 | * tpm2_load_cmd() - execute a TPM2_Load command | |
374 | * | |
375 | * @chip: TPM chip to use | |
376 | * @payload: the key data in clear and encrypted form | |
377 | * @options: authentication values and other options | |
378 | * @blob_handle: returned blob handle | |
379 | * | |
380 | * Return: 0 on success. | |
381 | * -E2BIG on wrong payload size. | |
382 | * -EPERM on tpm error status. | |
383 | * < 0 error from tpm_send. | |
384 | */ | |
385 | static int tpm2_load_cmd(struct tpm_chip *chip, | |
386 | struct trusted_key_payload *payload, | |
387 | struct trusted_key_options *options, | |
388 | u32 *blob_handle) | |
389 | { | |
390 | struct tpm_buf buf; | |
391 | unsigned int private_len; | |
392 | unsigned int public_len; | |
393 | unsigned int blob_len; | |
e5fb5d2c | 394 | u8 *blob, *pub; |
2e19e101 | 395 | int rc; |
e5fb5d2c | 396 | u32 attrs; |
2e19e101 | 397 | |
f2219745 JB |
398 | rc = tpm2_key_decode(payload, options, &blob); |
399 | if (rc) { | |
400 | /* old form */ | |
401 | blob = payload->blob; | |
402 | payload->old_format = 1; | |
403 | } | |
404 | ||
405 | /* new format carries keyhandle but old format doesn't */ | |
406 | if (!options->keyhandle) | |
407 | return -EINVAL; | |
2e19e101 | 408 | |
f2219745 JB |
409 | /* must be big enough for at least the two be16 size counts */ |
410 | if (payload->blob_len < 4) | |
411 | return -EINVAL; | |
412 | ||
413 | private_len = get_unaligned_be16(blob); | |
414 | ||
415 | /* must be big enough for following public_len */ | |
416 | if (private_len + 2 + 2 > (payload->blob_len)) | |
417 | return -E2BIG; | |
418 | ||
419 | public_len = get_unaligned_be16(blob + 2 + private_len); | |
420 | if (private_len + 2 + public_len + 2 > payload->blob_len) | |
2e19e101 SG |
421 | return -E2BIG; |
422 | ||
e5fb5d2c JB |
423 | pub = blob + 2 + private_len + 2; |
424 | /* key attributes are always at offset 4 */ | |
425 | attrs = get_unaligned_be32(pub + 4); | |
426 | ||
427 | if ((attrs & (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT)) == | |
428 | (TPM2_OA_FIXED_TPM | TPM2_OA_FIXED_PARENT)) | |
429 | payload->migratable = 0; | |
430 | else | |
431 | payload->migratable = 1; | |
432 | ||
2e19e101 SG |
433 | blob_len = private_len + public_len + 4; |
434 | if (blob_len > payload->blob_len) | |
435 | return -E2BIG; | |
436 | ||
52ce7d97 | 437 | rc = tpm2_start_auth_session(chip); |
2e19e101 SG |
438 | if (rc) |
439 | return rc; | |
440 | ||
52ce7d97 JB |
441 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD); |
442 | if (rc) { | |
443 | tpm2_end_auth_session(chip); | |
444 | return rc; | |
445 | } | |
446 | ||
447 | tpm_buf_append_name(chip, &buf, options->keyhandle, NULL); | |
448 | tpm_buf_append_hmac_session(chip, &buf, 0, options->keyauth, | |
449 | TPM_DIGEST_SIZE); | |
2e19e101 | 450 | |
f2219745 | 451 | tpm_buf_append(&buf, blob, blob_len); |
2e19e101 SG |
452 | |
453 | if (buf.flags & TPM_BUF_OVERFLOW) { | |
454 | rc = -E2BIG; | |
52ce7d97 | 455 | tpm2_end_auth_session(chip); |
2e19e101 SG |
456 | goto out; |
457 | } | |
458 | ||
52ce7d97 | 459 | tpm_buf_fill_hmac_session(chip, &buf); |
8c657a05 | 460 | rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob"); |
52ce7d97 | 461 | rc = tpm_buf_check_hmac_response(chip, &buf, rc); |
2e19e101 SG |
462 | if (!rc) |
463 | *blob_handle = be32_to_cpup( | |
464 | (__be32 *) &buf.data[TPM_HEADER_SIZE]); | |
465 | ||
466 | out: | |
f2219745 JB |
467 | if (blob != payload->blob) |
468 | kfree(blob); | |
2e19e101 SG |
469 | tpm_buf_destroy(&buf); |
470 | ||
471 | if (rc > 0) | |
472 | rc = -EPERM; | |
473 | ||
474 | return rc; | |
475 | } | |
476 | ||
477 | /** | |
478 | * tpm2_unseal_cmd() - execute a TPM2_Unload command | |
479 | * | |
480 | * @chip: TPM chip to use | |
481 | * @payload: the key data in clear and encrypted form | |
482 | * @options: authentication values and other options | |
483 | * @blob_handle: blob handle | |
484 | * | |
485 | * Return: 0 on success | |
486 | * -EPERM on tpm error status | |
487 | * < 0 error from tpm_send | |
488 | */ | |
489 | static int tpm2_unseal_cmd(struct tpm_chip *chip, | |
490 | struct trusted_key_payload *payload, | |
491 | struct trusted_key_options *options, | |
492 | u32 blob_handle) | |
493 | { | |
494 | struct tpm_buf buf; | |
495 | u16 data_len; | |
496 | u8 *data; | |
497 | int rc; | |
498 | ||
52ce7d97 | 499 | rc = tpm2_start_auth_session(chip); |
2e19e101 SG |
500 | if (rc) |
501 | return rc; | |
502 | ||
52ce7d97 JB |
503 | rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL); |
504 | if (rc) { | |
505 | tpm2_end_auth_session(chip); | |
506 | return rc; | |
507 | } | |
508 | ||
509 | tpm_buf_append_name(chip, &buf, blob_handle, NULL); | |
510 | ||
511 | if (!options->policyhandle) { | |
512 | tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT, | |
513 | options->blobauth, | |
514 | options->blobauth_len); | |
515 | } else { | |
516 | /* | |
517 | * FIXME: The policy session was generated outside the | |
518 | * kernel so we don't known the nonce and thus can't | |
519 | * calculate a HMAC on it. Therefore, the user can | |
520 | * only really use TPM2_PolicyPassword and we must | |
521 | * send down the plain text password, which could be | |
522 | * intercepted. We can still encrypt the returned | |
523 | * key, but that's small comfort since the interposer | |
524 | * could repeat our actions with the exfiltrated | |
525 | * password. | |
526 | */ | |
527 | tpm2_buf_append_auth(&buf, options->policyhandle, | |
528 | NULL /* nonce */, 0, 0, | |
529 | options->blobauth, options->blobauth_len); | |
530 | tpm_buf_append_hmac_session_opt(chip, &buf, TPM2_SA_ENCRYPT, | |
531 | NULL, 0); | |
532 | } | |
2e19e101 | 533 | |
52ce7d97 | 534 | tpm_buf_fill_hmac_session(chip, &buf); |
8c657a05 | 535 | rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing"); |
52ce7d97 | 536 | rc = tpm_buf_check_hmac_response(chip, &buf, rc); |
2e19e101 SG |
537 | if (rc > 0) |
538 | rc = -EPERM; | |
539 | ||
540 | if (!rc) { | |
541 | data_len = be16_to_cpup( | |
542 | (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]); | |
e5fb5d2c | 543 | if (data_len < MIN_KEY_SIZE || data_len > MAX_KEY_SIZE) { |
2e19e101 SG |
544 | rc = -EFAULT; |
545 | goto out; | |
546 | } | |
547 | ||
548 | if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 6 + data_len) { | |
549 | rc = -EFAULT; | |
550 | goto out; | |
551 | } | |
552 | data = &buf.data[TPM_HEADER_SIZE + 6]; | |
553 | ||
e5fb5d2c JB |
554 | if (payload->old_format) { |
555 | /* migratable flag is at the end of the key */ | |
556 | memcpy(payload->key, data, data_len - 1); | |
557 | payload->key_len = data_len - 1; | |
558 | payload->migratable = data[data_len - 1]; | |
559 | } else { | |
560 | /* | |
561 | * migratable flag already collected from key | |
562 | * attributes | |
563 | */ | |
564 | memcpy(payload->key, data, data_len); | |
565 | payload->key_len = data_len; | |
566 | } | |
2e19e101 SG |
567 | } |
568 | ||
569 | out: | |
570 | tpm_buf_destroy(&buf); | |
571 | return rc; | |
572 | } | |
573 | ||
574 | /** | |
575 | * tpm2_unseal_trusted() - unseal the payload of a trusted key | |
576 | * | |
577 | * @chip: TPM chip to use | |
578 | * @payload: the key data in clear and encrypted form | |
579 | * @options: authentication values and other options | |
580 | * | |
581 | * Return: Same as with tpm_send. | |
582 | */ | |
583 | int tpm2_unseal_trusted(struct tpm_chip *chip, | |
584 | struct trusted_key_payload *payload, | |
585 | struct trusted_key_options *options) | |
586 | { | |
587 | u32 blob_handle; | |
588 | int rc; | |
589 | ||
8c657a05 | 590 | rc = tpm_try_get_ops(chip); |
2e19e101 SG |
591 | if (rc) |
592 | return rc; | |
593 | ||
8c657a05 JS |
594 | rc = tpm2_load_cmd(chip, payload, options, &blob_handle); |
595 | if (rc) | |
596 | goto out; | |
597 | ||
2e19e101 | 598 | rc = tpm2_unseal_cmd(chip, payload, options, blob_handle); |
45477b3f | 599 | tpm2_flush_context(chip, blob_handle); |
2e19e101 | 600 | |
8c657a05 JS |
601 | out: |
602 | tpm_put_ops(chip); | |
603 | ||
2e19e101 SG |
604 | return rc; |
605 | } |